File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Security and the fly likes LDAP - Allowing user to change his own attributes Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "LDAP - Allowing user to change his own attributes" Watch "LDAP - Allowing user to change his own attributes" New topic
Author

LDAP - Allowing user to change his own attributes

Cameron Dalton
Greenhorn

Joined: Nov 14, 2008
Posts: 19
I have a number of tasks in a project I'm working on that require LDAP password policy settings, like remembering password history, locking the account after x number of failures, and one is that a user must change his password after an administrator resets it.

My java code can successfully change a password if logged in as the admin (e.g. cn=root), but when I attempt to connect as the user with his credentials, I get a NoPermissionException (error code 50). Then I tried changing other attributes of that user (while logged in as the user), and I get the same NoPermissionException.

What do I need to do to make changes in my LDAP directory as the logged in user? I can't just login as the admin to make the change because then the password complexity rules aren't enforced (since the admin can do whatever he wants).

Thank you very much for your help.
Cameron Dalton
Greenhorn

Joined: Nov 14, 2008
Posts: 19
I think I've decided that this is a server issue.

I've been attempting to configure the permissions so that all users have write access to their own record, and my server config claims to have this ability, but that's giving me additional problems. In any case, that's a question for a completely different forum.
Will Lam
Greenhorn

Joined: Aug 31, 2011
Posts: 1
Hi,

I've encountered exactly the same problem as you.

How does you make it out? I know it has been long time ago. Would you mind to share your code?

Thanks.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: LDAP - Allowing user to change his own attributes